Additional Fargate service

[rnzsgh]

This PR adds the fargate-service.cfn.yml template which supports adding new service(s) to an existing Startup Kit Fargate cluster. Users can toggle registration with the ALB for their service, which they may want to disable if the service is background only.

Additionally, there are some minor modifications including:

• Add a scale evaluation period param (default two)
• Update the default LB alarm to two seconds and two periods
• Additional ENV variables passed to the containers
• Modify the container ENV variable for LB DNS to support user defined DNS
• Additional tags, and tag cleaning
• Typo fixes
• New output params

This PR was tested extensively by manually launching stacks with unique parameters. It was also tested by adding numerous new services (via the new CFN template).

The README.md has not been updated to support the V3 links for this release.

[jpignata]

I did a read through pass. This LGTM – beyond some ignorable nits that I left throughout, my main concerns are:

1. This pull seems to introduce some duplication around how services are defined and there might be an opportunity to DRY that up.
2. I'm increasingly uncomfortable with the fact that templates like this and my reference architecture can't be updated safely due to the use of a seed image. I'm getting the strong urge to muscle a solution here - thoughts in the pull include using a custom resource to safely allow updates or moving partially back to a CloudFormation deploy action in the pipeline to at least create the infrastructure on first deploy.

The update issue seems like it can be handled separately and might require some more thought - but I'd spend some cycles DRY'ing up the usage of the service definitions before merging.

[jpignata]

This is a lot of specificity for a Docker container image tag. I'm not sure what you're envisioning where this amount of detail is really required. An application will typically have a single source repository, that repository should have a single mainline branch, and aspects of the build such as the timestamp that the tag was generated seem superfluous.

[rnzsgh]

We can discuss tomorrow, but since I am not specifying a name for the ECR repository, this clears things up a bit in the console. Currently, I am not generating a new repository per application because this seems unnecessary. I am not religious about this, so we can chat about it on our call.

[jpignata]

I don't have a strong opinion here. Just stood out to me.

[jpignata]

I'd also say, if you're going to concatenate like this, you may want to use variable expansion to make it easier for somebody to skim, and break out some of the variables into their own variables for easier readability

[jpignata]

IIRC, a Fargate service is also part of the Fargate template. Do you intend to DRY this up and use this template within a the "other" Fargate template? I notice several things in fargate.cfn.yml changed to mirror decisions you made in this file.

[rnzsgh]

Ha, I have been thinking about ways to DRY this up. Listener rules require a default target group, so I need to consider this. I can add a couple of conditions to a single template, but I am not sure if the result is going to be difficult for most to read. I created a ticket to investigate.

[jpignata]

Cool. Seems good enough for now.

[jpignata]

What about supporting NLB also by providing a dropdown for HTTP, HTTPS, or TCP in AppProtocol?

[rnzsgh]

Indeed added a ticket to support in the future.

[jpignata]

Consistency nit: some initialisms appear as title case (e.g. Arn, Cpu) and others like this are upper case (e.g. URL, LB). CloudFormation appears to favor the former, while I favor the latter.

[jpignata]

The only place where you need explicit DependsOn declarations are where there's a dependency that isn't evident to CloudFormation from the resource definition. Here you're already referencing TaskDefinition as one of the service's parameters explicitly making this redundant.

[rnzsgh]

Well. That is kind of true. Having been burned by this in the past, I am still paranoid. I am hoping to gain more trust in dependency detection over time.

[jpignata]

It's not clear to me what this comment refers to.

[jpignata]

This is an awful lot of specificity for what I assume will only be one permutation per environment name. I'd simplify.

[jpignata]

💡: Could we replace this seed image with a custom resource that finds the current image deployed or returns a placeholder? Hadn't thought this through and it might result in a circular dependency, but it would potentially make stack updates safe. Either that, or perhaps we need to consider moving back to the CloudFormation deployment mechanism to create the service and task definitions.

[jpignata]

What is this, and why is it defined differently than https://github.com/aws-samples/startup-kit-templates/pull/28/files#diff-dc75529a746c95e046e723297f4b324eR607? I see the note in your pull request description but I still don't really understand what this environment variable is intended to do.

[rnzsgh]

This either displays the Route 53 record if the user specifies or the default DNS name for the ALB (exported value is conditional in the core/base fargate template) This is in place for peeps like me that like to route request to other microservices via the ALB. It is also in place for people who may need to specify links in various places. For example, I place an order and I send an email. The email contains an URL that links back to the product page. This env variable simplifies configuration management for the various environments (e.g., dev.foo.com, bar.foo.com).

[jpignata]

Got it So you're passing the canonical name of the application down so the application itself can use it for self-reference. I'm not sure LOAD_BALANCER_DNS is the most intention-revealing name. it's not wrong, of course, but it isn't precisely correct either, and its function was not obvious to me as a reader. Consider a name that more closely aligns to your intent such as: CANONICAL_NAME.